Reporting to the Detection Engineering Manager, the Detection Engineer helps to ensure the security operations function is prepared to detect and respond to security events.
The Detection Engineer works with their team to design and builid the capability necessary to detect malicious activity across the estate. Working with other security operations functions and the wider security function they will assess the monitoring and detection needs of the estate and build that capability in our SIEM, SOAR and other plaforms.
Your Responsibilities
-
Research and identify the security events and compromise detection use cases required for systems and applications across the estate.
-
Inconjuction with security architects and engineers define baseline mandatory detection requirements for common platform types or application deployment configurations.
-
Build and maintain capability to measure compromise detection capability and coverage.
-
Build detection use cases in SIEM.
-
Build playbooks in SOAR.
-
Build dashboards in SOAR and SIEM.
-
Design and build custom scripts whenever necessary (e.g. Bash, Powershell etc.).
-
Work with a range of stakeholders to develop incident triage and response procedures for detection use cases.
-
Conduct threat hunts and contribute to the continued development of threat hunting methodology.
-
Build capability to utilise threat intelligence as part of the design and operation of our tooling.
-
Contribute to the continued growth of the team through knowledge sharing.
-
Assist with audit and compliance activities.
-
Act as an escalation point for incidents and security operations tooling support as part of an on-call rota.
You are someone that:
-
Knows you can’t succeed on your own and works hard to build great relationships and collaboration within and across teams.
-
Never ducks responsibility or hides from things because they are difficult. When you see something that needs attention you take action.
-
Speaks your mind but measures the communication style and delivery. You are never afraid to share unbiased, honest, pragmatic, solution-oriented input. You help and encourage others to do likewise.
-
Constantly delivers to a high standard in everything you do, encouraging others to do the same through example.
Key Skills Required
-
Demonstrable experience of security operations in fast pace large scale environments.
-
Good understanding and experience with SIEM, SOAR and Mitre Att&ck.
-
Good understanding and experience with IDS/IPS, EDR and other security tooling.
-
Good understanding of threats, threat actor behaviours and threat analysis.
-
Can code to a reasonable standard.
-
Excellent verbal and writing communications skills with the ability to modify style to influence and effectively work directly with both technical and non-technical stakeholders.
What you can expect:
- An open and collaborative team who value and respect each other;
- An autonomous environment where you are empowered to make decisions;
- 25 days of annual leave;
- Share save scheme and „Flexible Benefits” of your choice;
- Private health insurance (includes dental insurance and health assessments);
- Excellent development opportunities including online and in-house training, access to thousands of courses online through ‘Udemy'.
Ways of working:
Flexible working is our way of working! We're a diverse workforce and therefore a 'one size fits all' approach isn't necessarily best. Whatever your personal needs may be, let's have a chat and see how we can accommodate them;We thank all applicants for their interest, however only the suitable candidates will be contacted for an interview. By submitting your application online, you agree that: your details will be used to progress your application for employment. If your application is successful, your details will be used to administer your personnel record. If your application is unsuccessful, we will retain your details for a period no longer than two years, in order to consider you for prospective Paddy Power Betfair role.
